One critical and six important Microsoft patches to start 2012
Posted by Tamas Rudnai on 12 January 2012 08:13 PM
The start of the Olympic year of 2012 sees a quick release of 7 patches from Microsoft, including 1 that addresses a critical vulnerability that allows remote code execution when exploited. Websense® Security Labs strongly recommends that you update to the latest patches to avoid attacks from cyber criminals.
Not surprisingly, Microsoft marked the recently discovered MIDI vulnerability (CVE-2012-0003) as critical, as it received huge publicity in the beginning of the year and is likely to be seen in exploit kits in the near future. With this bug, an attacker can run arbitrary code on a remote computer using a specially crafted MIDI file. The executed code runs with the same privileges as the local user, so a well-defined user policy could prevent further damage on the computer. Another patch in this latest bulletin fixes the DirectShow remote code execution vulnerability (CVE-2012-0004). With this one, an attacker can execute malicious code on a remote computer without user interaction using a specially crafted media file.
The infamous BEAST (Browser Exploit Against SSL/TLS) vulnerability has also been fixed with the January Patch Tuesday release. With this vulnerability (identified as CVE-2011-3389 on mitre.org), a cyber criminal can act as a "man-in-the-middle" and interfere with the SSL (Secure Sockets Layer) protocol. As a result, an attacker can obtain the HTTP header in plain text, allowing access to session cookies.
Websense Security Labs and our ThreatSeeker™ Network are constantly monitoring for these threats occurring in the wild.
Microsoft patches 15 important vulnerabilities
Posted by Tamas Rudnai on 15 September 2011 07:15 PM
This month, Microsoft issued 5 security bulletins covering 15 vulnerabilities in Excel and Windows. These updates are considered important rather than critical, as by the time of the patch there was no malicious code exploiting the vulnerabilities in the wild. Adobe also released a security bulletin patching 13 vulnerabilities in Acrobat Reader. Websense® Security Labs highly recommends applying the updates in order to avoid cyber criminals who may use these security holes for their malicious activities.
Arguably the most important bulletin is MS11-072, which targets five different vulnerabilities in Microsoft Office. An attacker could use any of these to execute arbitrary code on the computer with the same access rights as the user. This is a focus for any security researcher as hackers are constantly looking for newer ways to distribute their badware. Such issues are probably getting more and more headlines as Adobe's sandboxing system and regular security patches seem to be paying off, meaning an up-to-date system is much less prone to successful exploits by vulnerabilities in PDFs.
This does not mean, of course, that we will see no more vulnerabilities in Acrobat Reader. This Tuesday, Adobe issued a security bulletin too, fixing 13 vulnerabilities in their product. Each of the vulnerabilities could allow an attacker to execute code on the host computer, allowing them to take full control of it. This patch is rated as critical; therefore, it is strongly recommended to apply it.
Also worth mentioning is that many companies have updated their DigiNotar certificates - Microsoft, Adobe, and even Mozilla Firefox issued the updates. Firefox even released an additional security patch targeting this issue. Please check that you have applied the latest updates so you are fully protected.
Is your organization using the latest Firefox 6 or Internet Explorer 9? Which one did you find more secure? Give us your thoughts in the comments.
Vulnerabilities patched by Microsoft on 13 September 2011:
Vulnerabilities patched by Adobe on 13 September 2011:
Local privilege-escalation vulnerability (Adobe Reader X (10.x) on Windows only) (CVE-2011-1353).
Security bypass vulnerability that could lead to code execution (CVE-2011-2431).
Buffer overflow vulnerability in the U3D TIFF Resource that could lead to code execution (CVE-2011-2432).
Heap overflow vulnerability that could lead to code execution (CVE-2011-2433).
Heap overflow vulnerability that could lead to code execution (CVE-2011-2434).
Buffer overflow vulnerability that could lead to code execution (CVE-2011-2435).
Heap overflow vulnerability in the Adobe image parsing library that could lead to code execution (CVE-2011-2436).
Heap overflow vulnerability that could lead to code execution (CVE-2011-2437).
Stack overflow vulnerabilities in the Adobe image parsing library that could lead to code execution (CVE-2011-2438).
Memory leakage condition vulnerability that could lead to code execution (CVE-2011-2439).
Use-after-free vulnerability that could lead to code execution (CVE-2011-2440).
Stack overflow vulnerabilities in the CoolType.dll library that could lead to code execution (CVE-2011-2441).
Logic error vulnerability that could lead to code execution (CVE-2011-2442).
Websense Security Labs and our ThreatSeeker Network are constantly monitoring for these threats occurring in the wild.